# HG changeset patch # User asaha # Date 1437090408 25200 # Node ID fd1b5a75214c0ba83a9829b155b81cae3a7f17e7 # Parent 15851994f9f81f6de37b63683c8cd9b19ae90ed1# Parent 05084f644c07a81e2b246db38917df253f5e2882 Merge diff -r 15851994f9f8 -r fd1b5a75214c .hgtags --- a/.hgtags Thu Jul 16 14:23:10 2015 -0700 +++ b/.hgtags Thu Jul 16 16:46:48 2015 -0700 @@ -401,6 +401,11 @@ 4afc048fe6ff7fc3fdbdadd8027549805c426d0d jdk8u45-b15 e67045c893eaf5e3336c4fd849786fa15b81b601 jdk8u45-b31 f2aeb52cb7cef1f984661a583baac67402f633a5 jdk8u45-b32 +e26a2620b5d206837fedab74fc84f068c7f47fa2 jdk8u45-b33 +c1399b5a4592414a8b8e6f64be019e8cf1f46074 jdk8u45-b34 +2f010018174e90b8673e5c4a3cdfed0a3c4c2fe2 jdk8u45-b35 +e953ae033f0c530f3588df430589582b6b7108d7 jdk8u45-b36 +883940e19107877d2b8c486b003253d2433fd59d jdk8u45-b37 72d116eea419824044f8dd4ae9d3a012946f72a4 jdk8u51-b00 b9638b9fe23876fd2413f336ee1d4e05d409e6a9 jdk8u51-b01 bc5562ed3c2d69ffbff357e96d9e383479042000 jdk8u51-b02 @@ -418,6 +423,7 @@ 1fbfa02e524872a75e98ee3a80e2472fa7012fde jdk8u51-b14 d6e1f914c954f98caa31edd0037837830774dfb6 jdk8u51-b15 3b9b39af6c36216418b78c449dd3af17b865a952 jdk8u51-b16 +5980dad8f264bb5ec3982d64a7c0af86fc5b3d16 jdk8u51-b31 8bbc2bb414b7e9331c2014c230553d72c9d161c5 jdk8u60-b00 15ae8298b34beb30f2bd7baa7ff895af2bec13f6 jdk8u60-b01 a98524c04cbd24bbc3029b21c033abf9108e92b4 jdk8u60-b02 @@ -443,5 +449,13 @@ 3a04901d83880634ecd70c8be992189228ccd746 jdk8u60-b22 0828bb6521738ad5a7fe11f0aa3495465f002848 jdk8u60-b23 b0779099d006fcb2a0af493e2a2f828411bfad33 jdk8u60-b24 +8e247b5216a5a4623c1bef7331585d78e7c0fb15 jdk8u52-b06 +974e2fd9b5b3cec38cceb35c93bcc3b5bedbe91c jdk8u52-b07 +8e247b5216a5a4623c1bef7331585d78e7c0fb15 jdk8u65-b00 +31ceb15b19bee8e02aa2cf4be5c3f147ad6afb22 jdk8u65-b01 +4c8bc7757f825f9fe0806fa13f0fe85b1a20982a jdk8u65-b02 +7a98523691a9657d4f5ecf8fb71476cecc6d5c4d jdk8u65-b03 +771cf2ce97e332e1ecffe4818d0fbe77f11e28a2 jdk8u65-b04 +5b6ff67eed5f25cc710a53026e706597c9193f56 jdk8u65-b05 3a04901d83880634ecd70c8be992189228ccd746 jdk8u66-b00 3717d70ac87f5e5579e540cd990b4e958c5990a4 jdk8u66-b01 diff -r 15851994f9f8 -r fd1b5a75214c src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java --- a/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Thu Jul 16 14:23:10 2015 -0700 +++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java Thu Jul 16 16:46:48 2015 -0700 @@ -567,6 +567,11 @@ // XXX I18N, logging needed. throw new NotActiveException("defaultReadObjectDelegate"); + if (!currentClassDesc.forClass().isAssignableFrom( + currentObject.getClass())) { + throw new IOException("Object Type mismatch"); + } + // The array will be null unless fields were retrieved // remotely because of a serializable version difference. // Bug fix for 4365188. See the definition of @@ -1063,6 +1068,9 @@ int spBase = spClass; // current top of stack + if (currentClass.getName().equals("java.lang.String")) { + return this.readUTF(); + } /* The object's classes should be processed from supertype to subtype * Push all the clases of the current object onto a stack. * Note that only the serializable classes are represented @@ -2257,6 +2265,27 @@ try { Class fieldCl = fields[i].getClazz(); + if ((objectValue != null) + && (!fieldCl.isAssignableFrom( + objectValue.getClass()))) { + throw new IllegalArgumentException("Field mismatch"); + } + Field classField = null; + try { + classField = cl.getDeclaredField(fields[i].getName()); + } catch (NoSuchFieldException nsfEx) { + throw new IllegalArgumentException(nsfEx); + } catch (SecurityException secEx) { + throw new IllegalArgumentException(secEx.getCause()); + } + Class declaredFieldClass = classField.getType(); + + // check input field type is a declared field type + // input field is a subclass of the declared field + if (!declaredFieldClass.isAssignableFrom(fieldCl)) { + throw new IllegalArgumentException( + "Field Type mismatch"); + } if (objectValue != null && !fieldCl.isInstance(objectValue)) { throw new IllegalArgumentException(); } diff -r 15851994f9f8 -r fd1b5a75214c src/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java --- a/src/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java Thu Jul 16 14:23:10 2015 -0700 +++ b/src/share/classes/com/sun/corba/se/impl/io/IIOPOutputStream.java Thu Jul 16 16:46:48 2015 -0700 @@ -559,6 +559,10 @@ * Push all the clases of the current object onto a stack. * Remember the stack pointer where this set of classes is being pushed. */ + if (currentClassDesc.forClass().getName().equals("java.lang.String")) { + this.writeUTF((String)obj); + return; + } int stackMark = classDescStack.size(); try { ObjectStreamClass next; diff -r 15851994f9f8 -r fd1b5a75214c src/share/classes/sun/rmi/rmic/iiop/StubGenerator.java --- a/src/share/classes/sun/rmi/rmic/iiop/StubGenerator.java Thu Jul 16 14:23:10 2015 -0700 +++ b/src/share/classes/sun/rmi/rmic/iiop/StubGenerator.java Thu Jul 16 16:46:48 2015 -0700 @@ -446,6 +446,9 @@ if (emitPermissionCheck) { // produce the following generated code for example + // + // private transient boolean _instantiated = false; + // // private static Void checkPermission() { // SecurityManager sm = System.getSecurityManager(); // if (sm != null) { @@ -460,11 +463,21 @@ // // public _XXXXX_Stub() { // this(checkPermission()); + // _instantiated = true; + // } + // + // private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException { + // checkPermission(); + // s.defaultReadObject(); + // _instantiated = true; // } // // where XXXXX is the name of the remote interface p.pln(); + p.plnI("private transient boolean _instantiated = false;"); + p.pln(); + p.pO(); p.plnI("private static Void checkPermission() {"); p.plnI("SecurityManager sm = System.getSecurityManager();"); p.pln("if (sm != null) {"); @@ -481,13 +494,23 @@ p.pO(); p.pI(); - p.pln("private " + currentClass + "(Void ignore) { }"); + p.plnI("private " + currentClass + "(Void ignore) { }"); p.pln(); - - p.plnI("public " + currentClass + "() { "); + p.pO(); + + p.plnI("public " + currentClass + "() {"); p.pln("this(checkPermission());"); + p.pln("_instantiated = true;"); p.pOln("}"); p.pln(); + p.plnI("private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {"); + p.plnI("checkPermission();"); + p.pO(); + p.pln("s.defaultReadObject();"); + p.pln("_instantiated = true;"); + p.pOln("}"); + p.pln(); + //p.pO(); } if (!emitPermissionCheck) { @@ -894,6 +917,7 @@ String paramNames[] = method.getArgumentNames(); Type returnType = method.getReturnType(); ValueType[] exceptions = getStubExceptions(method,false); + boolean hasIOException = false; addNamesInUse(method); addNameInUse("_type_ids"); @@ -921,6 +945,13 @@ p.plnI(" {"); // Now create the method body... + if (emitPermissionCheck) { + p.pln("if ((System.getSecurityManager() != null) && (!_instantiated)) {"); + p.plnI(" throw new java.io.IOError(new java.io.IOException(\"InvalidObject \"));"); + p.pOln("}"); + p.pln(); + } + if (localStubs) { writeLocalStubMethodBody(p,method,theType);